Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chinese Ebook Downloader

v2.0.0

Download Chinese-language ebooks from multiple sources with automatic A→B→C fallback. Primary source: online book library with ~100% coverage, no daily limit...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the included scripts: the code implements multi-source search, browser automation (Playwright), decrypting file hosts, curl downloads, ZIP extraction and EPUB→PDF conversion. However, the package metadata claims 'no required binaries' and 'no required env vars' while the code clearly depends on external tooling and libraries (Playwright, curl, unzip, file, weasyprint/ebooklib, CJK fonts) and even references a hard-coded Python interpreter path. This mismatch between declared requirements and what the code needs is an incoherence the user must resolve.
Instruction Scope
SKILL.md and the scripts instruct the agent (and the user) to automate browser interactions: enter passwords, wait countdowns, extract JS variables from pages and run JS via page.evaluate to call file-host APIs, then download with curl and extract files. Those steps are within the downloader's purpose, but the automation intentionally executes extracted/constructed JS in a browser context and runs arbitrary downloads and subprocesses. That increases the attack surface (malicious remote pages could cause unexpected network activity). The instructions do not ask the agent to read unrelated system files or credentials.
Install Mechanism
There is no install spec (instruction-only install), but the bundle includes many Python scripts which require installing dependencies manually. README mentions Playwright and pip packages, but the registry metadata declared no required binaries. Several scripts assume system binaries exist (curl, unzip, file) and one shell script and multiple Python scripts hard-code an absolute PYTHON path (/opt/homebrew/.../env9/bin/python) and paths under ~/.openclaw/workspace — these are brittle and incoherent with a cross‑platform skill. Lack of an install step means users may run these scripts with missing dependencies or unexpected interpreter versions.
Credentials
The skill does not declare required environment variables in the registry manifest, but the README and code reference optional env vars (SOURCE_A_BASE_URL, SOURCE_B_BASE_URL, FILE_HOST_BASE_URL, EBOOK_DEFAULT_PASSWORD). These are reasonable for configuring source hosts and a default extraction password. The skill does not request unrelated secrets (AWS keys, tokens). Still, default passwords and host base URLs can be changed via env; ensure you don't accidentally set sensitive values there.
Persistence & Privilege
The skill is not always-enabled and will not autonomously be force‑included in all agent runs (always: false). It does not modify other skills or global agent settings. It does read and write files in user directories (/tmp and under the user's home) which is expected for a downloader.
What to consider before installing
Key points before you install/use:
- Functional fit: The skill appears to do what it claims (automated ebook search/download + conversion). The included scripts perform browser automation, decrypt file-host pages, call APIs, and download files.
- Missing/declarative mismatches: The registry says 'no required binaries' but the code needs: Playwright (and a browser runtime), Python packages (playwright, ebooklib, weasyprint), system tools (curl, unzip, file), and CJK fonts. Several scripts contain a hard-coded Python interpreter path (/opt/homebrew/...), which will likely fail on other systems. Expect to manually install dependencies and edit paths.
- Security surface: The automation executes JavaScript extracted from third-party pages (page.evaluate), launches headless browsers, and executes shell commands (curl, unzip, subprocess.run). That is expected for this downloader but increases risk: a malicious or compromised download page could trigger unexpected network requests or server-side interactions. To reduce risk, run this skill only in an isolated environment (container, VM, or dedicated machine), review the code paths that call page.evaluate and subprocess.run, and avoid running with elevated privileges.
- Legal and policy: The skill is designed to retrieve ebooks from sites and file hosts (including Anna's Archive/libgen mirrors). That may conflict with copyright law or your organization's acceptable-use policy. Confirm legality and policy compliance before using.
- Practical recommendations:
  - Install and test dependencies in a sandbox (virtualenv/conda, container). Follow README for Playwright setup.
  - Replace or remove hard-coded PYTHON paths and verify environment values (SOURCE_* variables) point to expected hosts.
  - Inspect and, if desired, restrict network access for the process (e.g., block outbound except to known sources) when testing.
  - If you want to use it as an OpenClaw skill, add an explicit install step and declare required binaries and env vars so the runtime can validate prerequisites.

If you want, I can: list the exact files/lines that reference hard-coded paths and subprocess calls, extract all external hostnames the code references, or generate a minimal checklist of the packages/commands to install to run this safely in a container.
